Have You Tried A Profile?

Luckily, Apple have made the initial attempt easier by adding an AD Certificate payload to Profile Manager. This means that most MDMs should have the payload as an option; if yours does not, spin up a copy of Profile Manager.

Incidentally, I advocate the use of profiles for any Certificate deployment.

It’s simple, & if you’re deploying an internal Root Certificate via an MDM where the profiles are trusted, then the certificate should always be trusted (as shown below).

That’s Not My Name

The payload should ask you for details similar to those shown below (which are from a JSS). Each option is important, but make note of the Certificate Template field.

This needs to be the “Template name” of the Certificate Template to use when requesting a certificate & not the “Template display name”. The below should help to illustrate this.

Your ADCS administrator or someone with access to the server should be able to verify the details of the certificate template to use from the CertSrv mmc.
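One way to catch the display-name mistake before a profile goes out, as an added example rather than anything from the original post: the script below parses an unsigned .mobileconfig, finds the AD Certificate payload and compares its CertTemplate value against a list of templates. The server names, identifiers, UUIDs and the template list are constructed for illustration; in practice the list comes from your ADCS administrator.

```python
import plistlib

# Payload type and key names as used by Apple's AD Certificate profile payload.
AD_CERT_TYPE = "com.apple.ADCertificate.managed"

# Constructed sample: "Template name" -> "Template display name".
TEMPLATES = {"MacWorkstation": "Mac Workstation", "Machine": "Computer"}


def make_profile(cert_template):
    """Build a constructed, unsigned sample profile with one AD Certificate payload."""
    payload = {
        "PayloadType": AD_CERT_TYPE,
        "PayloadIdentifier": "com.example.adcert",            # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # placeholder
        "PayloadVersion": 1,
        "CertServer": "ca01.example.com",                     # placeholder
        "CertificateAuthority": "Example Issuing CA",         # placeholder
        "CertTemplate": cert_template,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.profile",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadVersion": 1,
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def check_cert_templates(profile_bytes, templates):
    """Return (status, configured value, correct template name) per AD Certificate payload."""
    profile = plistlib.loads(profile_bytes)
    by_name = {name.casefold(): name for name in templates}
    by_display = {disp.casefold(): name for name, disp in templates.items()}
    results = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != AD_CERT_TYPE:
            continue
        value = payload.get("CertTemplate", "")
        key = value.strip().casefold()
        if key in by_name:          # checked first: name and display name can be identical
            results.append(("ok", value, by_name[key]))
        elif key in by_display:     # the display name was entered instead of the name
            results.append(("display-name-used", value, by_display[key]))
        else:
            results.append(("unknown", value, None))
    return results
```

A signed profile has to be unwrapped before `plistlib` can read it.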


8 thoughts on “OSX & AD Certificate Requests, some tips”

There was a nice presentation @ a Macbrained event in March 2015 on a related topic: Identify Certificate Requests for Un-AD Bound Macs by Nick Kalister. Video here (may need to sign in to Macbrained to view…) http://macbrained.org/recap-march-2015/ & the links to resources I believe are mentioned in the presentation.